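<?php
    /*
     * Login handler.
     *
     * Reads `username` / `password` from the POST body, looks the pair up in
     * the users table, stores the matching row id in the session on success
     * (or sets the `usernotfound` flag on failure), then redirects to the
     * page named by the `retpage` query parameter (default: index.php),
     * optionally carrying `showitem` along.
     *
     * NOTE(review): the ext/mysql functions used here (mysql_query etc.) were
     * removed in PHP 7.0. The connection is presumably opened inside
     * phpincludes/dbconnect.php, so moving to mysqli/PDO prepared statements
     * has to be done together with that file.
     */
    session_start();

    // Accept only string credentials and default to '' so a missing or
    // array-valued field cannot reach stripslashes() as undefined/non-string.
    $username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
    $password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

    // Legacy magic_quotes_gpc compensation, kept so the value that gets
    // hashed is unchanged. With magic quotes off this strips real
    // backslashes from the input.
    $username = stripslashes($username);
    $password = stripslashes($password);

    // Presumably opens the database link and defines $tblusers - neither is
    // visible in this file.
    require 'phpincludes/dbconnect.php';
    $safeusername = mysql_real_escape_string($username);
    // The password is escaped *before* hashing, which alters the hashed bytes
    // for passwords containing quotes or backslashes. Left as is because the
    // stored hashes were presumably produced the same way - confirm against
    // the registration code before changing it.
    $safepassword = mysql_real_escape_string($password);

    // NOTE(review): unsalted MD5 is not a password hash; a leaked table is
    // cheap to reverse. Migrate to password_hash()/password_verify() and
    // rehash on the next successful login (needs a schema/data migration).
    $query = "SELECT * FROM `".$tblusers."` WHERE `username` = '".$safeusername."' AND `password` = '".md5($safepassword)."'";
    $res = mysql_query($query);
    // mysql_query() returns false on error; treat that as "no such user"
    // instead of passing false to mysql_fetch_assoc().
    $row = $res ? mysql_fetch_assoc($res) : false;
    mysql_close();

    if ($row && !empty($row['id'])) {
        // Issue a fresh session id on privilege change so an id planted
        // before login (session fixation) does not become authenticated.
        session_regenerate_id(true);
        $_SESSION['id'] = $row['id'];
    } else {
        $_SESSION['usernotfound'] = true;
    }

    // `retpage` is caller-controlled and ends up in the Location header, so
    // it is limited to a same-site path: plain path characters only (no
    // scheme, no backslash, no CR/LF) and no leading "//", which a browser
    // would read as another host. Anything else falls back to index.php.
    $retpage = 'index.php';
    if (isset($_GET['retpage']) && is_string($_GET['retpage'])
        && preg_match('#^(?!//)[A-Za-z0-9_./-]+$#', $_GET['retpage'])) {
        $retpage = $_GET['retpage'];
    }

    // PHP has already URL-decoded $_GET, so re-encode before putting the
    // value back into a URL.
    $returl = $retpage;
    if (isset($_GET['showitem']) && is_string($_GET['showitem']) && $_GET['showitem'] !== '') {
        $returl .= '?showitem='.urlencode($_GET['showitem']);
    }

    header('Location: '.$returl);
    exit();
?>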